City of Boston’s license plate reader database was online in plain text with no password protection

The Boston Transportation Department has been operating a license plate tracking program seeking to identify parking scofflaws, people with expired insurance, stolen cars, and even people suspected of gang and terrorist ties, according to recently discovered documents. Up until a few weeks ago, this sensitive information about thousands of people, including every person with a Boston resident parking permit, was stored online in plain text for the world to see.

In mid-August 2015, officials in Boston were surprised to receive a phone call from journalist Kenneth Lipp, who informed them that the Boston Transportation Department’s entire license plate reader database was online and available to download for anyone with an internet connection. There was no password guarding the database, which contained a million or so license plate reader records, the home addresses of every single person with a Boston parking permit, and lists of 2,500 people the police or FBI (it remains unclear which) have designated suspected gang members or terrorists, among other data.

Through some Googling, Lipp discovered that BTD’s license plate reader system, run by the Canadian technology giant Genetec, was dumping all of its records into an online server maintained by a Xerox subsidiary for the world to see—if it knew where to look.

Included in the files available on this public facing, password-free server were records suggesting that the Boston Police Department has been piggybacking offBTD license plate reader data for years. One of the files shows what appear to be records of automated emails from the BTD server to the Boston Police department’s stolen vehicle office, alerting the police each time a car on the stolen car hotlist encountered a BTD license plate reader.

I was surprised to discover these records because in 2013, in the wake of local reporter Shawn Musgrave’sexpose on privacy and civil liberties problems with the department’s license plate reader program, the Boston Police told the publicthat it was scrapping the program altogether. The Xerox records suggest scrapping isn’t at all what occurred. Indeed, the automated emails from BTD’slicense plate reader program to the Boston Police, left on the Xerox server for anyone to download at will, appear to have started at around the same time the cops told the public they’d stopped using license plate readers. That’s to say, instead of scrapping the program as the police told the public they would, BPD appears to have bootstrapped their license plate reader program from BTD data.

While the Boston Transportation Department’s license plate reader program is primarily used for parking enforcement, the records obtained freely online reveal that the information was processed for other purposes that go well beyond hunting for stolen cars.

In collecting data, the BTD patrols city blocks—in some cases, both literally and figuratively sweeping the street with ALPR-equippedsanitation trucks—and not exclusively in search of plates belonging to scofflaws. Files obtained in our investigation reveal that as the BTD’s software searches databases, it alerts department operators if a plate is connected to a “convicted person on supervised release,” or to someone pegged to a “protection order.” Commonly called hotlists, these compendiums are created by fusing criminal intelligence from sources like the FBI’s National Crime Information Center and the AMBER Alert program, as well as from data furnished by banks, collection agencies, and the civil court system.

It’s not clear whether or how the public is any safer when authorities use massive watchlists. In Boston, a city of approximately 600,000 people, parking enforcement has one hotlist with 720,000 hits, each of which notes a plate number, location info, and available make and model data. Among the targets listed in August: 19 license numbers classified as “immediate threats,” nearly 4,000 affiliated with “wanted persons,” 25 plates linked to bad checks, 75 tied to payment defaults, and 468,617 flagged for cancelled insurance. Also exposed were 2,500 hits on a “Gang/Terrorist Watch…”

We don’t know for certain from which list the 2,500 people identified as gang members or terrorists were so designated, or who designated them, but a likely suspect is the FBI’s Violent Gang and Terrorist Organization File (VGTOF) database.

According to a 2007 Inspector General report, the FBI at that time included nearly half a million people in this database, assigning them one of three codes meant to inform law enforcement “whether there is an active arrest warrant, a basis to detain the individual, or an interest in obtaining additional intelligence information regarding the individual,” respectively.

It’s not certain that the 2,500 people identified as “Gang/Terrorist Watch” in the Xerox/Boston Transportation Department license plate reader database were identified as such because of their inclusion in the FBI’s VGTOF, but it seems probable. The FBI may be interested to know that information about who is a suspected terrorist is posted on the internet for anyone in the world to download and peruse.

Government agencies routinely implore the public to trust them with our sensitive information, whether it’s license plate reader records detailing our movements and life patterns or information collected about political activists for so-called “public safety” purposes. But incidents like this one demonstrate that we should be very circumspect about allowing governments and corporations to collect, share, and manipulate information about us in secret.

Journalist Kenneth Lipp found this database and exposed it to the company and transportation department, triggering an added layer of security that shielded the information from the public. We will likely never know how many other people stumbled across it, or what they might have done with the information, before then.